SECURITY ENHANCEMENT ON SIMPLE THREE PARTY PAKE PROTOCOL
Keywords: Huang’s three party PAKE protocol, undetectable online password guessing attack, unknown key share attack, password
AbstractIn the field of cryptography, the three-party authenticated key exchange protocol is an important tool, especially in the secure communication areas. In this protocol, two clients share a human-memorable password with a trusted server whereby the two clients receive a secure session key. Most recently, Huang proposed a simple and efficient three party password-based key exchange protocol. She claimed that the proposed protocol is secure against various attacks. However, Yoon and Yoo proved an undetectable online password guessing attack on Huang’s protocol. In the present paper, an unknown key share attack on Huang’s three party PAKE protocol using undetectable online password guessing attack is demonstrated. Additionally, an alternative protocol that eliminates this attack is proposed. Moreover, the proposed protocol requires only four message transmission rounds.
Copyright terms are indicated in the Republic of Lithuania Law on Copyright and Related Rights, Articles 4-37.